Use rsync to back up Windows event logs

Windows software: cwRsyncServer

Installation is relatively simple. When the installer reaches the page for creating an account, you can set the password yourself.

Server: cwRsyncServer_4.0.5_Installe.zip
Client: cwRsync_4.0.5_Installer.zip

For particular reasons, the Windows Application, Security, Setup and System event logs need to be collected. The event logs are located in C:\Windows\System32\winevt\Logs. In testing, rsync could not synchronize files in this directory, so hard links are used to link the log files into another directory.

  • Create a hard link
@echo off

rem Hard links only work within one volume, so the link directory is also on C:
md C:\Eventlog
mklink /H C:\Eventlog\System.evtx C:\Windows\System32\winevt\Logs\System.evtx
mklink /H C:\Eventlog\Setup.evtx C:\Windows\System32\winevt\Logs\Setup.evtx
mklink /H C:\Eventlog\Security.evtx C:\Windows\System32\winevt\Logs\Security.evtx
mklink /H C:\Eventlog\Application.evtx C:\Windows\System32\winevt\Logs\Application.evtx
  • rsync server

Configuration file

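use chroot = false
strict modes = false
log file = rsyncd.log
pid file = rsyncd.pid
# Default port 8173
port = 8173
# Do not specify a uid; without this line no account can be used
uid = 0
# Do not specify a gid
gid = 0
# Maximum of 20 connections
max connections = 20
# Write the IP allowed to connect here
hosts allow = IP
read only = yes

# 模块名 is a placeholder for the module name
[模块名]
# "/cygdrive/e/" must not be changed; write the path after it in place of 路径
path = /cygdrive/e/路径/
transfer logging = yes
lock file = rsyncd.lock
# Read-only is turned off because the rsync client pushes to this module
read only = false
# The transfer log is recorded here; write its path
log file =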

Once configured, start the service and open port 8173 in the firewall.
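A small checker for a configuration laid out like the one above, added here as an example (it is not part of the original post or of cwRsync). It relies on two documented rsyncd.conf behaviours: `#` starts a comment only at the beginning of a line, and a module with no `auth users` accepts connections without a password. The sample configuration, the module name `eventlogs` and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the configuration above (placeholder values).
SAMPLE = """\
port = 8173 # default port
hosts allow = 192.0.2.10
read only = yes

[eventlogs]
path = /cygdrive/e/eventlogs/
read only = false
"""

def parse(text):
    """Parse like rsyncd: '#' opens a comment only at the start of a line."""
    sections, current = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return (section, finding) pairs for settings worth reviewing."""
    sections, findings = parse(text), []
    for name, params in sections.items():
        for key, value in params.items():
            if "#" in value:
                findings.append((name, f"'{key}' value contains an inline comment"))
        if name == "global":
            continue
        eff = {**sections["global"], **params}  # module settings override globals
        writable = eff.get("read only", "yes").lower() in ("no", "false", "0")
        if writable and not eff.get("auth users"):
            findings.append((name, "writable module without 'auth users'"))
        if not eff.get("hosts allow"):
            findings.append((name, "no 'hosts allow' restriction"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

Running it against the sample reports the inline comment on `port` and the writable module that has no `auth users` entry.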

  • Client
    bat script
@echo off

c:
cd C:\Program Files (x86)\ICW\Bin
rem 路径, 服务端IP and 模块名 are placeholders for the path, the server IP and the module name
rsync -avzP --progress --checksum --port=8173 /cygdrive/c/路径/ 服务端IP::模块名

The client (push-side) bat script

schtasks /create /sc minute  /mo 5 /tn "rsync" /st 00:00  /tr C:\rsync\rsyslog.bat  /ru System  
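rem Run in cmd: creates the scheduled task "rsync", which uses the System account to run the script rsyslog.bat every 5 minutes, starting at 00:00 on the current day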

You can also create the scheduled task manually.

Origin blog.51cto.com/13950323/2431417